Ilan Zerbib, Founder and CEO of Sapiom – Interview Series

Ilan Zerbib, Founder and CEO of Sapiom, is a seasoned engineering leader and serial entrepreneur with deep expertise in payments, large-scale systems, and automation. Prior to founding Sapiom, he served as Director of Engineering, Payments at Shopify, where he helped scale Shop Pay into a flagship product and launched Shop Cash, a combined loyalty and advertising platform. Earlier, he co-founded Earny, an autonomous consumer agent that enabled millions of users to secure refunds through advanced price-tracking technology, ultimately leading to its acquisition. His career spans building high-scale distributed systems, cybersecurity work with the French Ministry for Armed Forces, and multiple startup ventures, all of which inform his current focus on enabling AI agents to transact in the real world.
Sapiom is building a developer-first financial operating system designed to give AI agents the ability to safely and autonomously transact. The platform abstracts payments, authentication, and access into a programmable layer, allowing agents to pay for APIs, compute, messaging, and other services without relying on traditional accounts or manual billing workflows. By turning AI agents into independent economic actors operating under defined rules and limits, Sapiom aims to remove a key barrier to real-world AI deployment and establish foundational infrastructure for the emerging agent-driven economy.
You helped scale Shop Pay to over $100B in GMV and previously built Earny into a large-scale consumer fintech platform. What specific gap did you see that led you to start Sapiom, and why is now the right moment to build a financial layer for AI agents?
Agents crossed a threshold. They can now do real work, but they can’t finish it.
They can write code, plan workflows, and design systems. Then they hit a wall. They can’t pay for compute, provision APIs, or access services without a human stepping in. That breaks the loop.
The internet assumes a person is always involved. Sign up, add a card, manage credentials, approve spend. That model worked when software supported humans. It fails when software starts acting on its own.
This is the moment because the capability already exists. The blocker is access.
Sapiom is positioning “money as the universal API key.” Can you unpack what that means technically, and how it changes how developers think about integrations?
Every service gates access through payment. No payment, no API, no compute, no data.
Today, that flow runs through a human. Someone signs up, attaches billing, copies keys, and wires it all together. That’s the bottleneck.
We treat spend as a function call. An agent requests a service, pays within a defined policy, and moves on. Identity, billing, and enforcement happen in the background.
That changes how developers build. Instead of stitching together vendors one by one, they give agents a way to access anything on demand, within limits.
Today, AI agents can call APIs but still rely heavily on human-controlled billing, authentication, and permissions. What are the biggest bottlenecks preventing true autonomous execution?
Access is the bottleneck. Models can already plan multi-step workflows and write production-grade code. That’s not the problem anymore. The problem is that they can’t act.
If an agent can’t send a message, run a search, or pay for a service, the work stops. It can plan a campaign but never launch it.
Every service has its own onboarding, billing setup, and auth model. There’s no shared layer that lets agents discover and use services in real time. Until that exists, agents stay stuck in planning mode.
At a systems level, how does Sapiom handle identity and trust for AI agents, especially when those agents are acting independently across multiple services?
We treat agents like real actors in the system. Each agent has an identity, a set of permissions, and a defined scope. Every action runs through policy. Budget, allowed services, rate limits. If it falls outside those bounds, it doesn’t execute.
We attach context to every transaction. Which agent acted, under what rules, against which service, with what result. That gives you traceability. When something breaks, you see exactly what happened and where.
You’ve built large-scale payment infrastructure before. What new challenges emerge when the “user” making transactions is an AI agent rather than a human?
Volume and behavior. Agents don’t act like humans. They run in parallel, hit services at high frequency, and execute continuously. That trips every fraud system built for human patterns.
Legacy systems assume a person behind the action. Agents break that assumption. What looks suspicious in a human system is normal for an agent.
You can’t bolt this onto existing rails. You have to define policy upfront and enforce it before execution. Otherwise you’re always reacting after the fact.
Many developers are experimenting with agent frameworks, but monetization and cost control remain messy. How does Sapiom introduce observability and governance into agent spending?
You set constraints first. Each agent runs with a budget, a set of permissions, and limits on where and how it can spend. Those rules are enforced automatically. No manual review loop.
Every action is tied back to an agent. You know what it did, what it cost, and what outcome it produced.
You also get full logs. Every request, every transaction, every result. If something drifts, you catch it fast and shut it down.
Without that, agents optimize for activity. With it, they optimize for outcomes.
There’s a growing conversation around agent-to-agent commerce. Do you see a future where AI agents are negotiating, purchasing, and managing services entirely on their own?
Yes. Agents are already moving from chat to execution. They provision infrastructure, call APIs, and coordinate workflows. The next step is handling the transaction layer directly.
Once they can access services without friction, they start to behave like economic actors. They choose vendors, manage costs, and run processes end to end.
This is already starting. The infrastructure is just catching up.
Security feels like a major concern here. How do you prevent rogue agents, prompt injection attacks, or unintended transactions when agents have spending power?
You don’t rely on detection after the fact. You block bad actions before they happen.
Every request runs through policy. If it exceeds budget, hits a disallowed service, or breaks rate limits, it fails immediately.
We log everything. If an agent starts behaving outside its normal pattern, you see it in context and can shut it down.
The goal isn’t perfect behavior. It’s bounded behavior. When something goes wrong, it stays contained.
Right now you’re focused on B2B use cases, but there’s a clear path toward consumer agents handling purchases. What needs to happen before users are comfortable letting AI make financial decisions on their behalf?
Consumers won’t trust this without control.
They need to see what the agent is doing, where money is going, and what rules it’s following. That means clear limits, clear attribution, and the ability to step in at any point.
This will start in B2B because companies can define constraints and absorb risk. Once the systems prove they can operate safely, that model moves downstream to consumers.
Looking ahead three to five years, do you think the dominant interface to the internet becomes agents transacting on behalf of users?
Yes.
Applications are already shifting in that direction. Behind every action is a chain of services. Messaging, compute, payments. Each step has a cost.
Right now, humans manage that chain. That won’t scale.
Agents will take over execution. They’ll decide what to call, what to buy, and how to complete a task.
At that point, software becomes the customer of the internet. The only question is how fast the infrastructure catches up.
Thank you for the great interview. Readers who wish to learn more should visit Sapiom.